Skip to main content
Generate production-ready devcontainer configurations with Claude Code, modern dev tools, and persistent volumes. Supports Python, Node/TypeScript, Rust, and Go.

Overview

The Devcontainer Setup skill creates isolated development environments with Claude Code pre-installed, language-specific tooling, modern CLI utilities, and persistent session data. Perfect for sandboxed development, team onboarding, or reproducible builds. Author: Alexis Challande

Features

Claude Code Pre-installed

Includes Claude Code with bypassPermissions configured and marketplace plugins auto-loaded

Multi-Language Support

Detects and configures Python 3.13, Node 22, Rust, and Go automatically

Modern CLI Tools

Includes ripgrep, fd, fzf, tmux, git-delta, ast-grep for enhanced development

Session Persistence

Command history, GitHub CLI auth, and Claude config survive container rebuilds

Supported Languages

LanguageDetectionConfiguration
Pythonpyproject.toml, *.pyPython 3.13 via uv (fast binary install)
Node/TypeScriptpackage.json, tsconfig.jsonNode 22 via fnm
RustCargo.tomlDevcontainer feature
Gogo.modDevcontainer feature
Multi-language projects automatically get all detected configurations merged.

Generated Files

| File | Purpose | |------|---------|| | Dockerfile | Container build instructions with Claude Code and dev tools | | devcontainer.json | VS Code/devcontainer configuration | | post_install.py | Post-creation setup (permissions, tmux, git config) | | .zshrc | Shell configuration with history persistence | | install.sh | CLI helper (devc command) for managing containers |

Installation

/plugin install trailofbits/skills/plugins/devcontainer-setup

Usage

1

Request Devcontainer

Tell Claude to set up a devcontainer:
Set up a devcontainer for this project
or
Add devcontainer support with Python and Node
2

Automatic Detection

Claude detects your project’s language stack by scanning for:
  • pyproject.toml, *.py → Python
  • package.json, tsconfig.json → Node/TypeScript
  • Cargo.toml → Rust
  • go.mod → Go
3

Configuration Generated

Claude writes 5 files to .devcontainer/:
  • Dockerfile with language runtimes
  • devcontainer.json with VS Code settings
  • post_install.py for setup automation
  • .zshrc for shell configuration
  • install.sh for CLI helper commands
4

Start Container

Open in VS Code and select “Reopen in Container”, or use:
devcontainer up --workspace-folder .

CLI Helper Commands

After generating, run .devcontainer/install.sh self-install to add the devc command: 
# Install template + start container in current directory
devc .

# Start the devcontainer
devc up

# Rebuild container (preserves persistent volumes)
devc rebuild

# Stop the container
devc down

# Open zsh shell in container
devc shell

Language-Specific Configuration

Python Projects

Detected from: pyproject.toml, requirements.txt, *.py Includes:
  • Python 3.13 via uv (fast binary install, not source compilation)
  • VS Code extensions: python, pylance, ruff
  • Auto-configured interpreter path: .venv/bin/python
  • Ruff formatting on save
Post-create command: 
rm -rf .venv && uv sync && uv run /opt/post_install.py

Node/TypeScript Projects

Detected from: package.json, tsconfig.json Includes:
  • Node 22 via fnm (Fast Node Manager)
  • VS Code extensions: eslint, prettier
  • Auto-detect package manager from lockfile (pnpm, yarn, npm)
  • Prettier formatting on save
Post-create command: 
# Detects lockfile automatically:
uv run /opt/post_install.py && npm ci          # package-lock.json
uv run /opt/post_install.py && pnpm install --frozen-lockfile  # pnpm-lock.yaml
uv run /opt/post_install.py && yarn install --frozen-lockfile  # yarn.lock

Rust Projects

Detected from: Cargo.toml Includes:
  • Rust via devcontainer feature
  • VS Code extensions: rust-analyzer, even-better-toml
  • Locked builds when Cargo.lock exists
Post-create command: 
uv run /opt/post_install.py && cargo build --locked

Go Projects

Detected from: go.mod Includes:
  • Go latest via devcontainer feature
  • VS Code extension: golang.go
  • Language server enabled
Post-create command: 
uv run /opt/post_install.py && go mod download

Security Model

The devcontainer provides filesystem isolation with network isolation capabilities:
  • Container filesystem is isolated from host
  • Your ~/.gitconfig is mounted read-only
  • Persistent volumes preserve auth across rebuilds
  • No access to host files outside project directory
  • iptables/ipset with NET_ADMIN/NET_RAW capabilities
  • Restrict outbound traffic by domain/IP
  • NPM security: scripts disabled, 24-hour package release delay
These survive container rebuilds:
  • Command history (zsh)
  • GitHub CLI authentication
  • Claude Code configuration
  • SSH keys (via persistent volume)

Advanced Usage

Adding Persistent Volumes

Pattern for new mounts in devcontainer.json: 
"mounts": [
  "source=myproject-cargo-${devcontainerId},target=/home/vscode/.cargo,type=volume",
  "source=myproject-go-${devcontainerId},target=/home/vscode/go,type=volume"
]
Common persistent directories:
  • /home/vscode/.cargo (Rust dependencies)
  • /home/vscode/go (Go modules)
  • /home/vscode/.npm (NPM cache)
  • /home/vscode/.cache (General cache)

Multi-Language Projects

For projects using multiple languages (e.g., Python + Node):
  1. All detected languages are configured automatically
  2. Extensions from all languages are merged
  3. Post-create commands are chained:
uv run /opt/post_install.py && uv sync && npm ci

Tailscale Integration

For secure networking between devcontainers: 
"features": {
  "ghcr.io/devcontainers/features/tailscale:1": {}
}
Configure Tailscale auth key as a devcontainer secret.

Reference Material

The skill includes detailed reference documentation:
  • dockerfile-best-practices.md - Layer optimization, multi-stage builds, architecture support
  • features-vs-dockerfile.md - When to use devcontainer features vs custom Dockerfile

Validation Checklist

Before starting the container, verify:

Troubleshooting

Check Docker is running:
docker ps
Rebuild container:
devc rebuild
The post_install.py script handles permissions. If issues persist:
# Inside container
sudo chown -R vscode:vscode /home/vscode
Check the post-create command ran successfully:
# View container logs
docker logs <container-id>
Manually run setup:
devc shell
uv sync  # Python
npm ci   # Node
Ensure persistent volumes are configured in devcontainer.json:
"mounts": [
  "source=myproject-data-${devcontainerId},target=/home/vscode/.local,type=volume"
]
  • Modern Python - Python tooling configured in devcontainers (uv, ruff, pytest)
  • GH CLI - GitHub CLI comes pre-installed and authenticated
  • Ask Questions If Underspecified - Used when project language is ambiguous

Build docs developers (and LLMs) love

Get started for freeTalk to us